1.3 Details of Data Processing.
Confidentiality of Customer Data. Chime will not access or use, or disclose to any third party, any Customer Data, except, in each case, as necessary to maintain or provide the Services, or as necessary to comply with the law or a valid and binding order of a governmental body (such as a subpoena or court order). If a governmental body sends Chime a demand for Customer Data, Chime will attempt to redirect the governmental body to request that data directly from Customer. As part of this effort, Chime may provide Customer’s basic contact information to the governmental body. If compelled to disclose Customer Data to a governmental body, then Chime will give Customer reasonable notice of the demand to allow Customer to seek a protective order or other appropriate remedy unless Chime is legally prohibited from doing so.
Security Incident Notification.
6.3Unsuccessful Security Incidents. Customer agrees that:
Audits and Inspections.
11.2Sub-processor Obligations. Where Chime authorizes a Sub-processor:
Requests, Demands, And Inquiries from Governmental or Regulatory Bodies.
As of the date of this agreement, Chime engages the following sub-processors that may process Personal Data:
|Sub-processor (Entity Name)||Service Provider's Location||Provided Service|
|Amazon Web Services (AWS)||USA||Infrastructure as a Service and Platform as a Service|
|Google Cloud Platform (GCP)||USA||Natural Language Understanding|
|Vonage||USA||Cloud Communication Service Provider|
|Bandwidth||USA||Communication Platform for Messaging Service|
|Lob||USA||Automated direct mail and postal service provider|
|MailParser||USA||Mail Parsing Service|
|National Processing||USA||Payment Gateway|
|HubSpot||USA||Marketing and Analytics|
|Atlassian - Jira||USA||Ticketing System|
|Office 365||USA||Business Communication and Collaboration|
|Twilio||USA||Cloud Communication Service Provider|
|Productboard||USA||Product Tracking and feedback collection|
|Home Junction / Attom Data||USA||Listing Data Analysis|
Security Program. Chime has developed, implemented, and will consistently update and maintain as needed: (i) a written and comprehensive information security program in compliance with applicable Data Protection Law; and (ii) reasonable policies and procedures designed to detect, prevent, and mitigate the risk of data security breaches or identify theft. Chime will maintain appropriate measures to protect the integrity, security and confidentiality of all Customer Personal Data against any anticipated threats or hazards, and/or unauthorized access to or use of such data, which measures shall include the following:
Access. Chime shall reasonably update all access rights based on personnel or computer system changes and shall periodically review all access rights at an appropriate frequency to ensure current access rights to Customer Personal Data are appropriate and no greater than are required for an individual to perform his or her functions necessary to fulfill the purposes of the Agreement. Access controls include:
Changes. The Parties acknowledge that security requirements are constantly changing, and that effective security requires frequent evaluation and regular improvements of outdated security measures. Chime will therefore evaluate the measures on a periodic basis and will take reasonable measures to maintain compliance with the requirements. The Parties will negotiate in good faith the cost, if any, to implement material changes required by specific updated security requirements set forth in applicable data protection law or by data protection authorities of competent jurisdiction.
Where an amendment to the Service Agreement is necessary in order to execute a Customer instruction to Chime to improve security measures as may be required by changes in applicable data protection law from time to time, the Parties shall negotiate an amendment to the underlying agreement in good faith.
Physical Security Measures. Chime shall maintain appropriate physical security measures for any facility used to Process Customer Personal Data and continually monitor any changes to the physical infrastructure, business, and known threats.
Chime maintains physical security standards designed to prohibit unauthorized physical access to Chime facilities and equipment by using the following practices:
Technical Security Measures. Chime shall: